Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Information Disclosure

This page lists 612 vulnerabilities in this category.

Critical: 5 High: 392 Medium: 135 Low: 70 Information: 10
Vulnerability Name
CVE
CWE
Severity
GlassFish admin console weak credentials
-
CWE-693
High
Devise weak password
-
CWE-200
High
Struts2 Development Mode Enabled
-
CWE-489
High
Apache Axis2 administration console weak password
-
CWE-200
High
Configuration file source code disclosure
-
CWE-538
High
web.xml configuration file disclosure
-
CWE-538
High
Configuration file disclosure
-
CWE-538
High
Macromedia Dreamweaver remote database scripts
CVE-2004-1893
CWE-200
High
[Possible] Backup Source Code Detected
-
CWE-538
High
Ubiquiti Unifi Log4Shell RCE
CVE-2021-44228
CWE-78
High
VMware Horizon Log4Shell RCE
CVE-2021-44228
CWE-78
High
qdPM Information Disclosure
-
CWE-260
High
XML entity injection
-
CWE-611
High
Core dump file
-
CWE-200
High
Delve Debugger Unauthorized Access Vulnerability
-
CWE-200
High
The Heartbleed Bug
CVE-2014-0160
CWE-200
High
GoCD information disclosure (CVE-2021-43287)
CVE-2021-43287
CWE-200
High
Laravel Terminal open
-
CWE-200
High
Arbitrary local file read via file upload
-
CWE-200
High
Oracle E-Business Suite Information Disclosure
-
CWE-200
High
Unrestricted access to Caddy API interface
-
CWE-200
High
Possible database backup
-
CWE-538
High
Apache Tomcat examples directory vulnerabilities
-
-
Medium
Jenkins dashboard
-
CWE-200
Medium
PHP curl_exec() url is controlled by user
CVE-2009-0037
CWE-352
Medium
apc.php page found
-
CWE-538
Medium
Webalizer script
-
CWE-538
Medium
Grails database console
-
CWE-200
Medium
Sensitive Data Exposure
-
CWE-200
Medium
WordPress pingback scanner
CVE-2013-0235
CWE-918
Medium
WordPress database credentials disclosure
-
CWE-538
Medium
Source Code Disclosure
-
CWE-538
Medium
SQLite Database File Found
-
CWE-538
Medium
PHPinfo pages
-
CWE-200
Medium
Frontpage authors.pwd available
-
CWE-538
Medium
Full public read access Azure blob storage
-
CWE-732
Medium
Directory listings
-
CWE-538
Medium
Unprotected JSON file leaking secrets
-
CWE-200
Medium
CVS Detected
-
CWE-527
Medium
JBoss status servlet information leak
CVE-2010-1429
CWE-200
Medium
[Possible] AWStats Detected
-
CWE-538
Medium
Apache Server-Status Detected
-
CWE-200
Medium
Apache Server-Info Detected
-
CWE-200
Medium
WebDAV directory listing
-
CWE-538
Medium
WordPress username enumeration
-
CWE-200
Medium
Apache httpOnly cookie disclosure
CVE-2012-0053
CWE-200
Medium
Chrome Logger information disclosure
-
CWE-200
Medium
JetBrains .idea project directory
-
CWE-538
Medium
Tornado debug mode
-
CWE-489
Medium
Spring Boot Actuator v2
-
CWE-489
Medium
Drupal Views module information disclosure vulnerability
-
CWE-200
Medium
ASP.NET CustomErrors Is Disabled
-
CWE-12
Medium
Arbitrary file existence disclosure in Action Pack
CVE-2014-7829
CWE-200
Medium
Apache Tomcat sample files
-
CWE-538
Medium
MongoDB HTTP status interface
-
CWE-200
Medium
Symfony web debug toolbar
-
CWE-489
Medium
Global.asa backup file found
-
CWE-538
Medium
Apache Axis2 information disclosure
-
CWE-200
Medium
Virtual host directory listing
-
CWE-538
Medium
Amazon S3 public bucket
-
CWE-732
Medium
ASP.NET diagnostic page
-
CWE-200
Medium
Django Debug Mode Enabled
-
CWE-200
Medium
Spring Boot Actuator
-
CWE-489
Medium
ASP.NET application-level tracing enabled
-
CWE-215
Medium
W3 total cache debug mode
-
CWE-489
Medium
SharePoint exposed web services
-
CWE-200
Medium
Insecure transition from HTTP to HTTPS in form post
-
CWE-200
Medium
[Possible] Password Transmitted over Query String
-
CWE-200
Medium
Rails controller possible sensitive information disclosure
-
CWE-200
Medium
Core dump checker PHP script
-
CWE-200
Medium
[Possible] Database Connection String Detected
-
CWE-200
Medium
Oracle applications logs publicy available
-
CWE-200
Medium
Development configuration files
-
CWE-538
Medium
Password found in server response
-
CWE-312
Medium
Apache perl-status enabled
-
CWE-200
Medium